A stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks, WordPress security firm Defiant reports.
Vulnerabilities
Unpatched Flaw in Discontinued Plugin Exposes WordPress Sites to Attacks
A stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Datepicker WordPress plugin will not receive a patch, leaving websites exposed to attacks, WordPress security firm Defiant reports. The post Unpatched Flaw in Discontinued Plugin Exposes WordPress Sites to Attacks appeared first on SecurityWeek.
Latest News
- TrueConf Zero-Day Exploited in Asian Government Attacks
- In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
- Critical ShareFile Flaws Lead to Unauthenticated RCE
- Mobile Attack Surface Expands as Enterprises Lose Control
- React2Shell Exploited in Large-Scale Credential Harvesting Campaign
- T-Mobile Sets the Record Straight on Latest Data Breach Filing
- North Korean Hackers Drain $285 Million From Drift in 10 Seconds
- Critical Vulnerability in Claude Code Emerges Days After Source Leak
Publisher